Securing Your Supply Chain with CIS and Tripwire

5 years ago Tim Erlin

Where were you when you first heard about the SolarWinds breach? It’s not unusual for information security professionals to learn about a breach. Keeping track of the news is part of the job. The SolarWinds attack, however, was different for two primary reasons. 

First, it reached the level of mainstream news. The majority of breaches stay mostly in the industry press. Only a few break into the now-mislabeled ‘evening news.’ Prior to this event, the average person would never have heard of SolarWinds. Why would they? SolarWinds’ products were the purview of system administrators and engineers. They were nuts and bolts, not buildings.

The fact that these products were so prevalent in so many corporations is what ultimately made the attack so newsworthy. While the average person was unaware of SolarWinds, most of their activities on any network were subject to the various tools produced by the SolarWinds corporation. In fact, the platform on which you are reading this probably has at least one SolarWinds product in its environment. This attack had a very broad impact.

An attack on the supply chain

The second reason that this incident was so significant is that it was a supply chain attack, which creates a challenge for just about every industry sector. No organization functions without a supply chain, and a successful attack against any supplier, whether “upstream” or “downstream,” threatens every other link in that chain. Many people think of the supply chain as trucks moving products or hardware manufacturers, but the chain spreads across a much larger spectrum.  Software is part of a supply chain, and that is exactly what was exploited in this now infamous compromise.

Of course, there are many supply chain attacks that do not appear on the evening news. All organizations need to defend against these compromises. They need ways to detect the tactics, techniques and procedures (TTP) as well as the indicators of compromise (IOC) in their environments. 

One way to address supply chain risk is by looking to the guidance offered by the Center for Internet Security (CIS). The CIS Controls have been in existence for over a decade, and they are notable for their depth and detail. Any organization that effectively implements the CIS “20 Controls” is well-positioned to defend against many common attacks. 

Tripwire and the CIS Controls

I recently sat down with Kathleen Moriarty, the chief technology officer at CIS, and David Henderson, a federal systems technical sales engineer, to discuss how the CIS controls can be used to protect against supply chain attacks and how Tripwire can help in that implementation.

Many organizations use the National Institute of Standards and Technology (NIST) documentation and frameworks such as the International Standards Organization’s (ISO) 27001 series for information security management. These are excellent resources, and the CIS controls add to them by helping organizations implement the security recommendations contained in those documents and frameworks.

The CIS controls are categorized to align with the most prominent threats to an organization. (You can learn more about that here.) More recently, the latest version of the Controls adds prioritization to this arrangement. The team that organized the controls takes the time to review them and map them to the MITRE ATT&CK framework and further correlates that data with breach reports such as the Verizon Data Breach Investigations Report (DBIR). According to Moriarty, “What this tells us is essentially a validation on the prioritization.” She adds further that in one implementation group, “Nearly 85% of the risk was reduced from known threats” by using the Controls. These findings are important from the practical security, budgetary and supply chain management perspectives.

From a practical standpoint, an 85% correlation makes it clear that the controls are effective. From a budgetary standpoint, nothing helps more to secure much-needed finances for a security project than hard numbers. In the realm of supply chain management, these numbers also add influence to requiring that every link in your supply chain adheres to a program of implementing the Controls.

One reason why many organizations are deficient in their Controls is because of the difficulty of implementing all of them. To the average person, a mere 20 controls might seem like an easy task, yet anyone who has spent time working through the Controls quickly finds the difficulties. These difficulties are not due to the contents of the Controls themselves but to the complexity of most networks. Fortunately, new products are being created that can help with this daunting task.

David Henderson states it this way: “One of the first challenges for any organization is obtaining a baseline for the current security condition of the environment. Along with that, understanding an organization’s compliance state is a necessity.” With over 900 benchmarks, Tripwire Enterprise can help you achieve these goals. CIS benchmarks are only part of the policy collection that makes up part of the Tripwire product.

Once your baselines are established, you can see your current compliance state. The reporting features in Tripwire Enterprise make it easy to see all things good and bad, allowing you to devise a remediation plan. Once remediation has been achieved, monitoring the environment can be set up on a customizable schedule. What better method to draw your organization closer to achieving the CIS Controls? 

When the supply chain concern is in a software product, change management and integrity monitoring are required to guarantee confidence in the product. If you are a software development organization, integrity monitoring can mean the difference between a secure product and a compromised one. If your organization isn’t in the software development business, you can use integrity monitoring to verify that files in your environment aren’t undergoing unauthorized changes. Unlike traditional anti-virus detection, integrity monitoring doesn’t suffer from false positives, as it focuses on detecting a change rather than a predictive, heuristic-based algorithm.
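
The baseline-then-compare idea behind integrity monitoring, as an added Python example (not Tripwire Enterprise code and not from the original post). The file names, contents and the `snapshot`, `compare` and `demo` helpers are constructed for illustration; the sketch records a SHA-256 digest and permission bits per file, then classifies every difference from the approved baseline.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Return {relative_path: (sha256_hex, permission_bits)} for regular files under root."""
    root, state = Path(root), {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # hash only real files; a symlink could point outside the tree
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        mode = path.lstat().st_mode & 0o7777
        state[path.relative_to(root).as_posix()] = (digest.hexdigest(), mode)
    return state

def compare(baseline, current):
    """Classify every difference between the approved baseline and the current state."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "content_changed": sorted(p for p in common if baseline[p][0] != current[p][0]),
        "mode_changed": sorted(p for p in common if baseline[p][1] != current[p][1]),
    }

def demo():
    """Baseline a constructed sample tree, change it, and return the change report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "agent.dll").write_bytes(b"vendor build 1.0")
        (root / "app.conf").write_text("log_level=info\n")
        (root / "README.txt").write_text("release notes\n")
        os.chmod(root / "app.conf", 0o640)
        baseline = snapshot(root)
        # Constructed, unapproved changes made after the baseline was taken.
        (root / "bin" / "agent.dll").write_bytes(b"vendor build 1.0 plus extra code")
        (root / "bin" / "helper.dll").write_bytes(b"unexpected file")
        (root / "README.txt").unlink()
        os.chmod(root / "app.conf", 0o666)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline has to be stored where the monitored host cannot rewrite it, and each reported change is reconciled against an approved change record before the baseline is updated.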

Tripwire Enterprise also gives you the ability to trace attacks not only after the fact but in-progress. Real-time change detection can identify attacker activity, even when it’s not obviously malicious. The change data collected is incredibly useful for forensics during incident response, as well.

We understand the difficulty of implementing the CIS controls. However, thanks to advances in tools and technologies, the task is no longer a manual one. Tripwire can automate some of those tasks, giving you and your team the time to focus on more pressing matters. If you are looking to ease your supply chain concerns, look to Tripwire.

The post “Securing Your Supply Chain with CIS and Tripwire” appeared first on TripWire.

Source:TripWire – Tim Erlin
